39 matches found
EUVD-2024-50973
Malicious code in bioql PyPI...
EUVD-2024-2433
Malicious code in bioql PyPI...
EUVD-2023-57399
Malicious code in bioql PyPI...
The vulnerability of the Command Line Interface (CLI) of the Skupper package, a software management and microservice integration tool for cloud and hybrid environments under Red Hat Service Interconnect, allows an attacker to gain unauthorized access to protected information or cause service failures.
The vulnerability of the Command Line Interface (CLI) of the Skupper package, a software tool for managing and integrating microservices in cloud and hybrid environments of Red Hat Service Interconnect, relates to the bypassing of authentication by using the default mode. Exploiting this...
CVE-2024-12582
A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the...
CVE-2024-12582
CVE-2024-12582 affects the Skupper/Red Hat Service Interconnect console. A flaw in the default authentication method persists a random admin password in plaintext in a Kubernetes secret or podman volume, enabling an attacker to read user files inside the container and potentially trigger resource...
CVE-2024-12582 Skupper: skupper-cli: flawed authentication method may lead to arbitrary file read or denial of service
A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the...
SUSE CVE-2024-12582
A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the...
PT-2024-9926 · Unknown · Skupper Console
Name of the Vulnerable Software and Affected Versions: Skupper console affected versions not specified Description: A flaw was found in the Skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybr...
Red Hat Service Interconnect security vulnerability
Red Hat Service Interconnect, a Red Hat company, is based on the open source project Skupper and is designed to simplify application connectivity across hybrid cloud environments. A security vulnerability exists in Red Hat Service Interconnect that stems from the use of a flawed authentication...
RHSA-2023:6165 Red Hat Security Advisory: skupper-cli and skupper-router security update
Bulletin has no description...
The vulnerability of the Skupper package, a software tool for managing and integrating microservices in cloud and hybrid environments of Red Hat Service Interconnect, allows a hacker to bypass the authentication process.
The vulnerability of the Skupper package, a software tool for managing and integrating microservices in cloud and hybrid environments of Red Hat Service Interconnect, is related to the use of default credentials. Exploiting this vulnerability could allow an attacker to bypass authentication...
Moderate: Red Hat Security Advisory: Red Hat Service Interconnect security update
An update is now available for Service Interconnect 1 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Moderate: Red Hat Security Advisory: Red Hat Service Interconnect security update
An update is now available for Service Interconnect 1.4 LTS for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
GO-2024-2987 Skupper uses a static cookie secret for the openshift oauth-proxy in github.com/skupperproject/skupper
Skupper uses a static cookie secret for the openshift oauth-proxy in github.com/skupperproject/skupper...
Authentication Bypass
Skupper is vulnerable to Authentication Bypass. The vulnerability is due to configuring the OpenShift oauth-proxy with a static cookie-secret, which allows an attacker to bypass authentication via a specially-crafted cookie when console-auth is set to OpenShift...
GHSA-W799-V85J-88PG Skupper uses a static cookie secret for the openshift oauth-proxy
A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...
Skupper uses a static cookie secret for the openshift oauth-proxy
A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...
CVE-2024-6535
A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...